CVE-2018-3712

Name of the Vulnerable Software and Affected Versions serve versions prior to 6.4.9

Description The issue arises from the software's failure to properly handle %2e (.) and %2f (/) characters in paths, allowing a malicious user to traverse the directory tree and list the contents of any directory the user running the process has access to. This vulnerability only allows listing of directory contents and does not allow reading of arbitrary files.

Recommendations Update to version 6.4.9 or later.